1

I'm using [NSURLConnection sendAsynchronousRequest:request queue:[NSOperationQueue mainQueue] completionHandler:^(NSURLResponse *response, NSData *data, NSError *error)] to pull data from a web service, but the web server has a self-issued certificate, causing this error to appear:

SSL Error

Error displayed using:

NSAlert *a = [NSAlert alertWithError:error];
[a runModal];

Is there any way to ignore this error and continue anyway?

colincameron
  • 2,696
  • 4
  • 23
  • 46
  • 1
    possible duplicate of [Ignoring certificate errors with NSURLConnection](http://stackoverflow.com/questions/3766755/ignoring-certificate-errors-with-nsurlconnection) – paulmelnikow Mar 13 '13 at 23:59
  • I figured this had been asked before and located and retitled the earlier question. Hopefully it will solve your problem. – paulmelnikow Mar 14 '13 at 00:00
  • You're right it is a dupe (although I didn't get that answer because I searched for `sendAsynchronousRequest`, so this question is for that method specifically). – colincameron Mar 14 '13 at 15:13
  • *"Ignoring SSL certificate errors with NSURLConnection"* - its better to fix the problem rather than ignoring the error (assuming its a non-trivial error, like a fake certificate rather than an expired certificate). If you are not going to use PKI and SSL correctly, then why use it at all? – jww Aug 06 '14 at 15:44

2 Answers2

6

Following the instructions in the linked question, I defined a dummy interface for NSURLConnection:

@interface NSURLRequest (DummyInterface)
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
@end

And called the method before creating the request:

[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:url];

This suppressed the error about the certificate being invalid.

colincameron
  • 2,696
  • 4
  • 23
  • 46
  • 3
    Isn't this private API? – Stavash Jul 24 '13 at 11:38
  • Yes it is, but my app is not in the app store, but distributed directly, so I do not need to worry about rejection. Of course, I run the risk of the API changing in later versions of OS X, as this is undocumented. – colincameron Jul 24 '13 at 16:54
  • Cool, just wanted to make sure – Stavash Jul 24 '13 at 20:58
  • 3
    *"I run the risk of the API changing..."* - how about the risk of leaking and losing information for anyone who attacks? Do you tell your customers about it? – jww Aug 06 '14 at 15:41
0

This may be rejected by Apple. Use the proper implementation of NSConnectiondatadelegate:

see a way around it: Stackoverflow response to similar question

Community
  • 1
  • 1
Nikolay DS
  • 1,367
  • 1
  • 8
  • 8
  • I cannot use an `NSURLConnectionDelegate` method, as I am calling `-sendAsynchronousRequest`. Nonetheless, this is a moot point now for my app as I solved the problem by purchasing an SSL cert for the server. – colincameron Jun 26 '14 at 15:47